freebsd-nq/sys/conf/options
Robert Watson 12e9f256e3 Kernel options for Mandatory Access Control (MAC).
MAC support will be merged into the main tree over the next week in
reasonable size chunks; much more to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 19:50:28 +00:00

561 lines
15 KiB
Plaintext

# $FreeBSD$
#
# On the handling of kernel options
#
# All kernel options should be listed in NOTES, with suitable
# descriptions. Negative options (options that make some code not
# compile) should be commented out; LINT (generated from NOTES) should
# compile as much code as possible. Try to structure option-using
# code so that a single option only switch code on, or only switch
# code off, to make it possible to have a full compile-test. If
# necessary, you can check for COMPILING_LINT to get maximum code
# coverage.
#
# All new options shall also be listed in either "conf/options" or
# "conf/options.<machine>". Options that affect a single source-file
# <xxx>.[c|s] should be directed into "opt_<xxx>.h", while options
# that affect multiple files should either go in "opt_global.h" if
# this is a kernel-wide option (used just about everywhere), or in
# "opt_<option-name-in-lower-case>.h" if it affect only some files.
# Note that the effect of listing only an option without a
# header-file-name in conf/options (and cousins) is that the last
# convention is followed.
#
# This handling scheme is not yet fully implemented.
#
#
# Format of this file:
# Option name filename
#
# If filename is missing, the default is
# opt_<name-of-option-in-lower-case>.h
# Adaptec Array Controller driver options
AAC_COMPAT_LINUX opt_aac.h # Enable the linux ioctl interface
AAC_DEBUG opt_aac.h # Debugging levels:
# 0 - quiet, only emit warnings
# 1 - noisy, emit major function
# points and things done
# 2 - extremely noisy, emit trace
# items in loops, etc.
# Adaptec aic7xxx SCSI controller options
AHC_ALLOW_MEMIO opt_aic7xxx.h # Allow PCI devices to use memory
# mapped I/O
AHC_TMODE_ENABLE opt_aic7xxx.h # Bitmap of units to enable
# targetmode operations.
AHC_DUMP_EEPROM opt_aic7xxx.h # Dump the contents of our
# configuration prom.
AHC_DEBUG_SEQUENCER opt_aic7xxx.h # Enable diagnostic sequencer code
# Adaptec aic79xx SCSI controller options
AHD_DEBUG opt_aic79xx.h # Compile in aic79xx debugging code.
AHD_DEBUG_OPTS opt_aic79xx.h # Aic79xx driver debugging options.
# See sys/dev/aic79xx/aic79xx.h
ADW_ALLOW_MEMIO opt_adw.h # Allow PCI devices to use memory
# mapped I/O
# Miscellaneous options.
ADAPTIVE_MUTEXES
COMPAT_43 opt_compat.h
COMPAT_FREEBSD4 opt_compat.h
COMPAT_SUNOS opt_compat.h
COMPILING_LINT opt_global.h
CY_PCI_FASTINTR
CONSPEED opt_comconsole.h
DDB
DDB_NOKLDSYM opt_ddb.h
DDB_UNATTENDED opt_ddb.h
GDB_REMOTE_CHAT opt_ddb.h
GDBSPEED opt_ddb.h
GEOM
HW_WDOG
KTRACE
KTRACE_REQUEST_POOL opt_ktrace.h
LIBICONV
MD_ROOT opt_md.h
MD_ROOT_SIZE opt_md.h
NDGBPORTS opt_dgb.h
NODEVFS opt_devfs.h
NTIMECOUNTER opt_ntp.h
NSWAPDEV opt_swap.h
PPS_SYNC opt_ntp.h
PUC_FASTINTR opt_puc.h
QUOTA
SPX_HACK
SUIDDIR opt_suiddir.h
MSGMNB opt_sysvipc.h
MSGMNI opt_sysvipc.h
MSGSEG opt_sysvipc.h
MSGSSZ opt_sysvipc.h
MSGTQL opt_sysvipc.h
SEMMAP opt_sysvipc.h
SEMMNI opt_sysvipc.h
SEMMNS opt_sysvipc.h
SEMMNU opt_sysvipc.h
SEMMSL opt_sysvipc.h
SEMOPM opt_sysvipc.h
SEMUME opt_sysvipc.h
SHMALL opt_sysvipc.h
SHMMAX opt_sysvipc.h
SHMMAXPGS opt_sysvipc.h
SHMMIN opt_sysvipc.h
SHMMNI opt_sysvipc.h
SHMSEG opt_sysvipc.h
SYSVMSG opt_sysvipc.h
SYSVSEM opt_sysvipc.h
SYSVSHM opt_sysvipc.h
VFS_AIO
WLCACHE opt_wavelan.h
WLDEBUG opt_wavelan.h
# POSIX kernel options
P1003_1B opt_posix.h
_KPOSIX_PRIORITY_SCHEDULING opt_posix.h
_KPOSIX_VERSION opt_posix.h
#####################################################################
# SECURITY POLICY PARAMETERS
# Support for Mandatory Access Control (MAC)
MAC opt_mac.h
MAC_NONE opt_dontuse.h
# Do we want the config file compiled into the kernel?
INCLUDE_CONFIG_FILE opt_config.h
# Options for static filesystems. These should only be used at config
# time, since the corresponding lkms cannot work if there are any static
# dependencies. Unusability is enforced by hiding the defines for the
# options in a never-included header.
CD9660 opt_dontuse.h
CODA opt_dontuse.h
EXT2FS opt_dontuse.h
FDESCFS opt_dontuse.h
LINPROCFS opt_dontuse.h
MSDOSFS opt_dontuse.h
NULLFS opt_dontuse.h
NWFS opt_dontuse.h
PORTALFS opt_dontuse.h
PROCFS opt_dontuse.h
PSEUDOFS opt_dontuse.h
UMAPFS opt_dontuse.h
NTFS opt_dontuse.h
HPFS opt_dontuse.h
SMBFS opt_dontuse.h
UNIONFS opt_dontuse.h
UDF opt_dontuse.h
# Broken - ffs_snapshot() dependency from ufs_lookup() :-(
FFS opt_ffs_broken_fixme.h
# These static filesystems has one slightly bogus static dependency in
# sys/i386/i386/autoconf.c. If any of these filesystems are
# statically compiled into the kernel, code for mounting them as root
# filesystems will be enabled - but look below.
NFSCLIENT opt_nfs.h
NFSSERVER opt_nfs.h
# If you are following the conditions in the copyright,
# you can enable soft-updates which will speed up a lot of thigs
# and make the system safer from crashes at the same time.
# otherwise a STUB module will be compiled in.
SOFTUPDATES opt_ffs.h
# Enabling this option turns on support for Access Control Lists in UFS,
# which can be used to support high security configurations. Depends on
# UFS_EXTATTR.
UFS_ACL opt_ufs.h
# Enabling this option turns on support for extended attributes in UFS-based
# filesystems, which can be used to support high security configurations
# as well as new filesystem features.
UFS_EXTATTR opt_ufs.h
UFS_EXTATTR_AUTOSTART opt_ufs.h
# Enable fast hash lookups for large directories on UFS-based filesystems.
UFS_DIRHASH opt_ufs.h
# The above static dependencies are planned removed, with a
# <filesystem>_ROOT option to control if it usable as root. This list
# allows these options to be present in config files already (though
# they won't make any difference yet).
NFS_ROOT opt_nfsroot.h
# SMB/CIFS requester
NETSMB opt_netsmb.h
NETSMBCRYPTO opt_netsmb.h
# Options used only in subr_param.c.
HZ opt_param.h
MAXFILES opt_param.h
NBUF opt_param.h
NMBCLUSTERS opt_param.h
NSFBUFS opt_param.h
VM_BCACHE_SIZE_MAX opt_param.h
VM_SWZONE_SIZE_MAX opt_param.h
MAXUSERS
DFLDSIZ opt_param.h
MAXDSIZ opt_param.h
MAXSSIZ opt_param.h
# Generic SCSI options.
CAM_MAX_HIGHPOWER opt_cam.h
CAMDEBUG opt_cam.h
CAM_DEBUG_DELAY opt_cam.h
CAM_DEBUG_BUS opt_cam.h
CAM_DEBUG_TARGET opt_cam.h
CAM_DEBUG_LUN opt_cam.h
CAM_DEBUG_FLAGS opt_cam.h
CAM_NEW_TRAN_CODE opt_cam.h
SCSI_DELAY opt_scsi.h
SCSI_NO_SENSE_STRINGS opt_scsi.h
SCSI_NO_OP_STRINGS opt_scsi.h
# Options used only in cam/scsi/scsi_cd.c
CHANGER_MIN_BUSY_SECONDS opt_cd.h
CHANGER_MAX_BUSY_SECONDS opt_cd.h
# Options used only in cam/scsi/scsi_sa.c.
SA_IO_TIMEOUT opt_sa.h
SA_SPACE_TIMEOUT opt_sa.h
SA_REWIND_TIMEOUT opt_sa.h
SA_ERASE_TIMEOUT opt_sa.h
SA_1FM_AT_EOD opt_sa.h
# Options used only in cam/scsi/scsi_pt.c
SCSI_PT_DEFAULT_TIMEOUT opt_pt.h
# Options used only in cam/scsi/scsi_ses.c
SES_ENABLE_PASSTHROUGH opt_ses.h
# Options used in dev/sym/ (Symbios SCSI driver).
SYM_SETUP_LP_PROBE_MAP opt_sym.h #-Low Priority Probe Map (bits)
# Allows the ncr to take precedence
# 1 (1<<0) -> 810a, 860
# 2 (1<<1) -> 825a, 875, 885, 895
# 4 (1<<2) -> 895a, 896, 1510d
SYM_SETUP_SCSI_DIFF opt_sym.h #-HVD support for 825a, 875, 885
# disabled:0 (default), enabled:1
SYM_SETUP_PCI_PARITY opt_sym.h #-PCI parity checking
# disabled:0, enabled:1 (default)
SYM_SETUP_MAX_LUN opt_sym.h #-Number of LUNs supported
# default:8, range:[1..64]
# Options used only in pci/ncr.c
SCSI_NCR_DEBUG opt_ncr.h
SCSI_NCR_MAX_SYNC opt_ncr.h
SCSI_NCR_MAX_WIDE opt_ncr.h
SCSI_NCR_MYADDR opt_ncr.h
# Options used only in dev/isp/*
ISP_TARGET_MODE opt_isp.h
ISP_FW_CRASH_DUMP opt_isp.h
# Options used in the 'ata' ATA/ATAPI driver
ACD_DEBUG opt_ata.h
AST_DEBUG opt_ata.h
ATAPI_DEBUG opt_ata.h
ATA_DEBUG opt_ata.h
ATA_STATIC_ID opt_ata.h
ATA_NOPCI opt_ata.h
DEV_ATADISK opt_ata.h
DEV_ATAPICD opt_ata.h
DEV_ATAPIST opt_ata.h
DEV_ATAPIFD opt_ata.h
# Net stuff.
ACCEPT_FILTER_DATA
ACCEPT_FILTER_HTTP
BOOTP opt_bootp.h
BOOTP_COMPAT opt_bootp.h
BOOTP_NFSROOT opt_bootp.h
BOOTP_NFSV3 opt_bootp.h
BOOTP_WIRED_TO opt_bootp.h
BRIDGE opt_bdg.h
ETHER_II opt_ef.h
ETHER_8023 opt_ef.h
ETHER_8022 opt_ef.h
ETHER_SNAP opt_ef.h
MROUTING opt_mrouting.h
INET opt_inet.h
INET6 opt_inet6.h
IPSEC opt_ipsec.h
IPSEC_ESP opt_ipsec.h
IPSEC_DEBUG opt_ipsec.h
IPDIVERT
DUMMYNET opt_ipdn.h
IPFILTER opt_ipfilter.h
IPFILTER_LOG opt_ipfilter.h
IPFILTER_DEFAULT_BLOCK opt_ipfilter.h
PFIL_HOOKS opt_pfil_hooks.h
IPFIREWALL opt_ipfw.h
IPFIREWALL_VERBOSE opt_ipfw.h
IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h
IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h
IPFIREWALL_FORWARD opt_ipfw.h
IPV6FIREWALL opt_ip6fw.h
IPV6FIREWALL_VERBOSE opt_ip6fw.h
IPV6FIREWALL_VERBOSE_LIMIT opt_ip6fw.h
IPV6FIREWALL_DEFAULT_TO_ACCEPT opt_ip6fw.h
IPSTEALTH
IPX opt_ipx.h
IPXIP opt_ipx.h
IPTUNNEL opt_ipx.h
LIBMCHAIN
NCP opt_ncp.h
NETATALK opt_atalk.h
PPP_BSDCOMP opt_ppp.h
PPP_DEFLATE opt_ppp.h
PPP_FILTER opt_ppp.h
RANDOM_IP_ID
SLIP_IFF_OPTS opt_slip.h
TCPDEBUG
TCP_DROP_SYNFIN opt_tcp_input.h
XBONEHACK
# Netgraph(4). Use option NETGRAPH to enable the base netgraph code.
# Each netgraph node type can be either be compiled into the kernel
# or loaded dynamically. To get the former, include the corresponding
# option below. Each type has its own man page, e.g. ng_async(4).
NETGRAPH
NETGRAPH_ASYNC opt_netgraph.h
NETGRAPH_BPF opt_netgraph.h
NETGRAPH_BRIDGE opt_netgraph.h
NETGRAPH_CISCO opt_netgraph.h
NETGRAPH_ECHO opt_netgraph.h
NETGRAPH_ETHER opt_netgraph.h
NETGRAPH_FRAME_RELAY opt_netgraph.h
NETGRAPH_GIF opt_netgraph.h
NETGRAPH_GIF_DEMUX opt_netgraph.h
NETGRAPH_HOLE opt_netgraph.h
NETGRAPH_IFACE opt_netgraph.h
NETGRAPH_IP_INPUT opt_netgraph.h
NETGRAPH_KSOCKET opt_netgraph.h
NETGRAPH_LMI opt_netgraph.h
# MPPC compression requires proprietary files (not included)
NETGRAPH_MPPC_COMPRESSION opt_netgraph.h
NETGRAPH_MPPC_ENCRYPTION opt_netgraph.h
NETGRAPH_ONE2MANY opt_netgraph.h
NETGRAPH_PPP opt_netgraph.h
NETGRAPH_PPPOE opt_netgraph.h
NETGRAPH_PPTPGRE opt_netgraph.h
NETGRAPH_RFC1490 opt_netgraph.h
NETGRAPH_SOCKET opt_netgraph.h
NETGRAPH_SPLIT opt_netgraph.h
NETGRAPH_TEE opt_netgraph.h
NETGRAPH_TTY opt_netgraph.h
NETGRAPH_UI opt_netgraph.h
NETGRAPH_VJC opt_netgraph.h
# DRM options
DRM_LINUX opt_drm.h
DRM_DEBUG opt_drm.h
ZERO_COPY_SOCKETS opt_zero.h
TI_PRIVATE_JUMBOS opt_ti.h
TI_JUMBO_HDRSPLIT opt_ti.h
# ATM (HARP version)
ATM_CORE opt_atm.h
ATM_IP opt_atm.h
ATM_SIGPVC opt_atm.h
ATM_SPANS opt_atm.h
ATM_UNI opt_atm.h
# XXX Conflict: # of devices vs network protocol (Native ATM).
# This makes "atm.h" unusable.
NATM opt_natm.h
DPT_ALLOW_MEMIO opt_dpt.h # Allow PCI devices to use memory
# mapped I/O
# DPT driver debug flags
DPT_MEASURE_PERFORMANCE opt_dpt.h
DPT_HANDLE_TIMEOUTS opt_dpt.h
DPT_TIMEOUT_FACTOR opt_dpt.h
DPT_LOST_IRQ opt_dpt.h
DPT_RESET_HBA opt_dpt.h
# Adaptec ASR and DPT V/VI controller options
ASR_MEASURE_PERFORMANCE opt_asr.h
# Misc debug flags. Most of these should probably be replaced with
# 'DEBUG', and then let people recompile just the interesting modules
# with 'make CC="cc -DDEBUG"'.
CLUSTERDEBUG opt_debug_cluster.h
DEBUG_1284 opt_ppb_1284.h
VP0_DEBUG opt_vpo.h
LPT_DEBUG opt_lpt.h
PLIP_DEBUG opt_plip.h
LOCKF_DEBUG opt_debug_lockf.h
NPX_DEBUG opt_debug_npx.h
NETATALKDEBUG opt_atalk.h
SI_DEBUG opt_debug_si.h
# Fb options
FB_DEBUG opt_fb.h
FB_INSTALL_CDEV opt_fb.h
# ppbus related options
PERIPH_1284 opt_ppb_1284.h
DONTPROBE_1284 opt_ppb_1284.h
# smbus related options
ENABLE_ALART opt_intpm.h
# These cause changes all over the kernel
BLKDEV_IOSIZE opt_global.h
DEBUG opt_global.h
DEBUG_LOCKS opt_global.h
DEBUG_VFS_LOCKS opt_global.h
LOOKUP_SHARED opt_global.h
DIAGNOSTIC opt_global.h
ENABLE_VFS_IOOPT opt_global.h
INVARIANT_SUPPORT opt_global.h
INVARIANTS opt_global.h
MCLSHIFT opt_global.h
MSIZE opt_global.h
REGRESSION opt_global.h
RESTARTABLE_PANICS opt_global.h
VFS_BIO_DEBUG opt_global.h
# These are VM related options
VM_KMEM_SIZE opt_vm.h
VM_KMEM_SIZE_SCALE opt_vm.h
VM_KMEM_SIZE_MAX opt_vm.h
NO_SWAPPING opt_vm.h
MALLOC_PROFILE opt_vm.h
PQ_NOOPT opt_vmpage.h
PQ_NORMALCACHE opt_vmpage.h
PQ_MEDIUMCACHE opt_vmpage.h
PQ_LARGECACHE opt_vmpage.h
PQ_HUGECACHE opt_vmpage.h
PQ_CACHESIZE opt_vmpage.h
# Standard SMP options
SMP opt_global.h
# Size of the kernel message buffer
MSGBUF_SIZE opt_msgbuf.h
# PCI related options
PCI_ALLOW_UNSUPPORTED_IO_RANGE opt_pci.h
# NFS options
NFS_MINATTRTIMO opt_nfs.h
NFS_MAXATTRTIMO opt_nfs.h
NFS_MINDIRATTRTIMO opt_nfs.h
NFS_MAXDIRATTRTIMO opt_nfs.h
NFS_GATHERDELAY opt_nfs.h
NFS_WDELAYHASHSIZ opt_nfs.h
NFS_DEBUG opt_nfs.h
# For the Bt848/Bt848A/Bt849/Bt878/Bt879 driver
OVERRIDE_CARD opt_bktr.h
OVERRIDE_TUNER opt_bktr.h
OVERRIDE_DBX opt_bktr.h
OVERRIDE_MSP opt_bktr.h
BROOKTREE_SYSTEM_DEFAULT opt_bktr.h
BROOKTREE_ALLOC_PAGES opt_bktr.h
BKTR_OVERRIDE_CARD opt_bktr.h
BKTR_OVERRIDE_TUNER opt_bktr.h
BKTR_OVERRIDE_DBX opt_bktr.h
BKTR_OVERRIDE_MSP opt_bktr.h
BKTR_SYSTEM_DEFAULT opt_bktr.h
BKTR_ALLOC_PAGES opt_bktr.h
BKTR_USE_PLL opt_bktr.h
BKTR_GPIO_ACCESS opt_bktr.h
BKTR_NO_MSP_RESET opt_bktr.h
BKTR_430_FX_MODE opt_bktr.h
BKTR_SIS_VIA_MODE opt_bktr.h
BKTR_USE_FREEBSD_SMBUS opt_bktr.h
# meteor opt_meteor.h
METEOR_ALLOC_PAGES opt_meteor.h
METEOR_TEST_VIDEO opt_meteor.h
METEOR_SYSTEM_DEFAULT opt_meteor.h
METEOR_DEALLOC_PAGES opt_meteor.h
METEOR_DEALLOC_ABOVE opt_meteor.h
# Various mi ISA bus flags
COM_ESP opt_sio.h
COM_MULTIPORT opt_sio.h
BREAK_TO_DEBUGGER opt_comconsole.h
ALT_BREAK_TO_DEBUGGER opt_comconsole.h
DEV_ISA opt_isa.h
# Include tweaks for running under the SimOS machine simulator.
SIMOS opt_simos.h
# options for bus/device framework
BUS_DEBUG opt_bus.h
# options for USB support
UHCI_DEBUG opt_usb.h
OHCI_DEBUG opt_usb.h
USB_DEBUG opt_usb.h
UGEN_DEBUG opt_usb.h
UHID_DEBUG opt_usb.h
UHUB_DEBUG opt_usb.h
UKBD_DEBUG opt_usb.h
ULPT_DEBUG opt_usb.h
UMASS_DEBUG opt_usb.h
UMS_DEBUG opt_usb.h
URIO_DEBUG opt_usb.h
UKBD_DFLT_KEYMAP opt_ukbd.h
# Vinum options
VINUMDEBUG opt_vinum.h
# Embedded system options
INIT_PATH opt_init_path.h
ROOTDEVNAME opt_rootdevname.h
FDC_DEBUG opt_fdc.h
PCFCLOCK_VERBOSE opt_pcfclock.h
PCFCLOCK_MAX_RETRIES opt_pcfclock.h
TDFX_LINUX opt_tdfx.h
KTR opt_global.h
KTR_MASK opt_ktr.h
KTR_CPUMASK opt_ktr.h
KTR_COMPILE opt_global.h
KTR_ENTRIES opt_global.h
KTR_VERBOSE opt_ktr.h
MUTEX_DEBUG opt_global.h
WITNESS opt_global.h
WITNESS_DDB opt_witness.h
WITNESS_SKIPSPIN opt_witness.h
# options for ACPI support
ACPI_DEBUG opt_acpi.h
ACPI_NO_SEMAPHORES opt_acpi.h
ACPI_MAX_THREADS opt_acpi.h
# options for DEVFS, see sys/fs/devfs/devfs.h
NDEVFSINO opt_devfs.h
NDEVFSOVERFLOW opt_devfs.h
# various 'device presence' options.
DEV_MCA opt_mca.h
DEV_BPF opt_bpf.h
# ed driver
ED_NO_MIIBUS opt_ed.h
# Polling device handling
DEVICE_POLLING opt_global.h
# Mutex profiling
MUTEX_PROFILING opt_global.h